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Abstract 


This specification defines a portion of the Management Information 
Base (MIB) for use with network management based on the Simple 
Network Management Protocol (SNMP). In particular, it defines 
objects for configuring, monitoring, and controlling routers that 
employ the Virtual Router Redundancy Protocol Version 3 (VRRPv3) for 
both IPv4 and IPv6 as defined in RFC 5798. This memo obsoletes RFC 
2787. 


Status of This Memo 
This is an Internet Standards Track document. 


This document is a product of the Internet Engineering Task Force 


(IETF). It represents the consensus of the IETF community. It has 
received public review and has been approved for publication by the 
Internet Engineering Steering Group (IESG). Further information on 


Internet Standards is available in Section 2 of RFC 5741. 


Information about the current status of this document, any errata, 
and how to provide feedback on it may De obtained at 
http://www.rfc-editor.org/info/rfc6527. 


Copyright Notice 


Copyright (c) 2012 IETF Trust and the persons identified as the 
document authors. All rights reserved. 


This document is subject to BCP 78 and the IETF Trust’s Legal 
Provisions Relating to IETF Documents 
(http://trustee.ietf.org/license-info) in effect on the date of 
publication of this document. Please review these documents 
carefully, as they describe your rights and restrictions with respect 
to this document. Code Components extracted from this document must 
include Simplified BSD License text as described in Section 4.e of 
the Trust Legal Provisions and are provided without warranty as 
described in the Simplified BSD License. 
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This document may contain material from IETF Documents or IETF 
Contributions published or made publicly available before November 
10, 2008. The person(s) controlling the copyright in some of this 
material may not have granted the IETF Trust the right to allow 
modifications of such material outside the IETF Standards Process. 
Without obtaining an adequate license from the person(s) controlling 
the copyright in such materials, this document may not be modified 
outside the IETF Standards Process, and derivative works of it may 
not be created outside the IETF Standards Process, except to format 
it for publication as an RFC or to translate it into languages other 
than English. 
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1. The Internet-Standard Management Framework 


For a detailed overview of the documents that describe the current 
Internet-Standard Management Framework, please refer to section 7 of 
RFC 3410 [RFC3410]. 


Managed objects are accessed via a virtual information store, termed 
the Management Information Base or MIB. MIB objects are generally 
accessed through the Simple Network Management Protocol (SNMP). 
Objects in the MIB are defined using the mechanisms defined in the 
Structure of Management Information (SMI). This memo specifies a MIB 
module that is compliant to the SMIv2, which is described in STD 58, 
RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 
[RFC2580]. 
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Introduction 


This specification defines a portion of the MIB for use with SNMP- 
based network management. In particular, it defines objects for 
configuring, monitoring, and controlling routers that employ the 
Virtual Router Redundancy Protocol Version 3 (VRRPv3) for both IPv4 
and IPv6 as defined in RFC 5798 [RFC5798]. 


Terminology 

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", “SHALL NOT", 
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 
"OPTIONAL" in this document are to be interpreted as described in RFC 
2119 [RFC2119]. 


Relationship to RFC 2787 


This document obsoletes RFC 2787 [RFC2787]. The major changes in 
this document reflect changes in the VRRP protocol between RFC 2338 
[RFC2338] and RFC 5798 [RFC5798]. This document is also updated to 


conform to current MIB conventions. 
Relation to Interface Group (IF-MIB) 


Since a router can be participating in VRRP on one or more 
interfaces, "ifIndex" is used as an index into the tables defined in 
the VRRP MIB. This MIB module imports ifIndex from the IF-MIB. At 
this time, the latest version of the IF-MIB is from RFC 2863 
[RFC2863]. 


Multi-Stack Implementations 

This MIB module is designed to support multi-stack implementations 
that run VRRP over IPv4 and IPv6. The IP version, Virtual Router 
Identifier (VRID), and ifIndex are used to uniquely identify rows in 
a multi-stack implementation. 


Interpretation of RFC 5798 


During the review of this document, it emerged that there are 


different possible interpretations of [RFC5798]. The authors of that 
document and the VRRP working group were unable to reach consensus as 
to which interpretation is correct. This document makes the 


following assumption: 
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IPv4 and IPv6 virtual routers are treated as two separate logical 
entities and represented as two separate entries in the 
vrrpv3OperationsTable. This is required due to the undefined 
behavior of the protocol in [RFC5798] in a multi-stack scenario. 


VRRP MIB Structure and Design 
This MIB module contains three tables: 


(1) The vrrpv30perationsTable contains objects that define the 
operational characteristics of a VRRP router. Rows in this 
table correspond to instances of virtual routers. 


(2) The vrrpv3StatisticsTable contains the operating statistics for 
a VRRP router. 


(3) The vrrpv3AssociatedIpAddrTable contains the addresses of the 
virtual router(s) that a given VRRP router is backing up. 


Tables are indexed on ifIndex, VRID, and the IP version to uniquely 
identify a VRRP router. 


Notifications in this MIB module are controlled using the mechanisms 
defined in [RFC3413]. 


VRRP Multi-Stack Scenario 


The following section provides examples of how some of the objects in 
this MIB are instantiated. 


KEY: 


The labels in the following tables and diagrams correspond to the 
actual MIB objects as follows: 


if = IfIndex 

AddrType= vrrpv30perationsInetAddrType 
Vrid = vrrpv3OperationsVrId 

State = vrrpv30perationsStatus 

Prior = vrrpv30perationsPriority 
IpAddr = vrrpv3OperationsMasterIpAddr 


The following figure shows a hypothetical network with two VRRP 
routers, VRI & VR2, configured with two virtual routers. Addresses 
in '()' indicate the address of the default gateway for a given host; 
Hl to H4 are IPv4 hosts, and H5 to H8 are IPv6 hosts. A, B, and C 
are IPv4 addresses, and X, Y, and Z are IPv6 addresses. In the 
diagram, "Interface" is used in the context defined in IF-MIB. 
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+------ + +------ + 
| VRI | | VR2 | 
| | | | 
+------ + +------ + 
| | 
Intf = Il Intf = 12 
IP A | IP X IP B | IP Y 
IP C | | IP Z 
VRID = 1 VRID=2 VRID=2 VRID = 1 
----+------ +------ +-+------- +-------- +-------- ++------ +-------- +--- 


+----+ +----+ +----+  +----+ +----+ +----+  +----+ +----+ 
+----+ +----+ +----+ +----+ +----+ +----+ +----+ +----+ 
Ses MIB Tables For VRRP Router "VRI": == == 


vrrpv30perationsTable 


| if | VrId | AddrType | State | Prior |IpAdar | 
+----+------ +-------- +------- +------- +------ +--(..)--+ 
HIE JI, 032 ¿| do KM IJ SS. ` Al 
+----+------ +-------- +------- +------- +------ +--(..)--+ 
| I1 | o1 | 2 | B | 1-254 | Y | 
+----+------ +-------- +------- +------- +------ +--(..)--+ 
| 11 | 02 | 1 | B | 1-254 | B | 
+----+------ +-------- +------- +------- +------ +--(..)--+ 
| 11 | 02 | 22 U GM U OT) 2868.40 nl 
+----+------ +-------- +------- +------- +------ +-------- + 
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vrrpv3AssociatedIpAddrTable 
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"VR2": 


MIB Tables For VRRP Router 


vrrpv30perationsTable 


.)--+ 


| if | Vrid |AddrType| State | Prior |IpAddr| 
+-———+-—+- T (. 


.) --+ 
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.) --+ 
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vrrpv3AssociatedIpAddrTable 


| if | Vrid |AddrType| IP | RowStat | 

+----+------ +-------- +------ +--------- + 

| 12 | or | 1 | A | active | 

+----+------ +-------- +------ +--------- + 

[2 | or | 1 | © | active | 

+----+------ +-------- +------ +--------- + 

HE 2632 [2 | Y | active | 

+----+------ +-------- +------ +--------- + 

[TZ Moda -2 | z | active | 

+----+------ +-------- +------ +--------- + 

| 12 | 02 | 1 | B | active | 

+----+------ +-------- +------ +--------- + 

| 4221] 02: |. 2 | x | active | 

+----+------ +-------- +------ +--------- + 

NOTES 

1) For "State": M = Master; B = Backup. 
In the vrrpv30perationsTable, a "priority" of 255 indicates that 
the respective router owns the IP address, e.g., this IP address 
is native to the router (i.e., "the IP Address Owner"). 

10. Definitions 


This MIB module makes reference to the following documents [RFC2578], 
[RFC2579], [RFC2580], [RFC2863], and [RFC4001]. 


VRRPV3-MIB DEFINITIONS ::= BEGIN 


IMPORTS 
MODULE-IDENTITY, OBJECT-TYPE, 
NOTIFICATION-TYPE, Counter32, 
Integer32, mib-2, Unsigned32, 
Counter64, TimeTicks 
FROM SNMPv2-SMI = 


RFC2578 


TEXTUAL-CONVENTION, RowStatus, 
MacAddress, TruthValue, TimeStamp, 
TimeInterval 

FROM SNMPv2-TC —— RFC2579 


MODULE-COMPLIANCE, OBJECT-GROUP, 


NOTIFICATION-GROUP 
FROM SNMPv2-CONF —— RFC2580 
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ifIndex 
FROM IF-MIB —- RFC2863 
InetAddressType, InetAddress 


FROM INET-ADDRESS-MIB; —— RFC4001 


vrrpv3MIB MODULE-IDENTITY 
LAST-UPDATED "2012021300002" -- Feb 13, 2012 
ORGANIZATION "IETF VRRP Working Group" 
CONTACT-INFO 
"WG E-Mail: vrrp@ietf.org 


Editor: Kalyan Tata 
Nokia 
313 Fairchild Dr, 
Mountain View, CA 94043 
Tata_kalyan@yahoo.com" 


DESCRIPTION 
"This MIB describes objects used for managing Virtual 
Router Redundancy Protocol version 3 (VRRPv3). 


Copyright (c) 2012 IETF Trust and the persons 
identified as authors of the code. All rights 
reserved. 


Redistribution and use in source and binary forms, 
with or without modification, is permitted pursuant 
to, and subject to the license terms contained in, 
the Simplified BSD License set forth in Section 

4.c of the IETF Trust's Legal Provisions Relating 
to IETF Documents 
(http://trustee.ietf.org/license-info). 


This version of the MIB module is part of RFC 6527. 
Please see the RFC for full legal notices." 


REVISION "201202120000z" — Feb 13, 2012 
DESCRIPTION "Initial version as published in RFC 6527." 


::= í mib-2 207 ) 


—- Textual Conventions 


Vrrpv3VrIdTC ::= TEXTUAL-CONVENTION 
DISPLAY-HINT "a" 
STATUS current 
DESCRIPTION 
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"The value of the Virtual Router Identifier noted as 
(VRID) in RFC 5798. This, along with interface index 
(ifIndex) and IP version, serves to uniquely identify 
a virtual router on a given VRRP router." 

REFERENCE "RFC 5798 (Sections 3 and 5.2.3)" 

SYNTAX Integer32 (1..255) 


—-  VRRPv3 MIB Groups 


vrrpv3Notifications OBJECT IDENTIFIER ::= { vrrpv3MIB O ) 
vrrpv30bjects OBJECT IDENTIFIER :: vrrpv3MIB 1 } 
vrrpv3Conformance OBJECT IDENTIFIER ::= ( vrrpv3MIB 2 } 


Il 
a 


—- VRRPv3 MIB Objects 


vrrpv30perations OBJECT IDENTIFIER ::< ( vrrpv30bjects 1 } 
vrrpv3Statistics OBJECT IDENTIFIER ::< { vrrpv30bjects 2 } 


—-  VRRPv3 Operations Table 


vrrpv3OperationsTable OBJECT-TYPE 


SYNTAX SEQUENCE OF Vrrpv30perationsEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"Unified Operations table for a VRRP router that 
consists of a sequence (i.e., one or more conceptual 
rows) of /vrrpv30perationsEntry’ items each of which 
describe the operational characteristics of a virtual 
router." 


::= { vrrpv3Operations 1 } 


vrrpv30perationsEntry OBJECT-TYPE 


SYNTAX Vrrpv30perationsEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"An entry in the vrrpv3OperationsTable containing the 
operational characteristics of a virtual router. 

On a VRRP router, a given virtual router is 
identified by a combination of ifIndex, VRID, and 
the IP version. ifIndex represents an interface of 
the router. 


A row must be created with vrrpv30perationsStatus 


set to initialize(1) and cannot transition to 
backup(2) or master(3) until 
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vrrpv3OperationsRowStatus is transitioned to 
active(1). 


The information in this table is persistent and when 
written the entity SHOULD save the change to non- 
volatile storage." 


INDEX { ifIndex, vrrpv3OperationsVrid, 
vrrpv30perationsInetAddrType 


} 
::= { vrrpv3OperationsTable 1 } 


Vrrpv30perationsEntry ::= 


SEQUENCE { 
vrrpv3OperationsVrId 
Vrrpv3VriIdTC, 
vrrpv3OperationsInetAddrType 
InetAddressType, 
vrrpv3OperationsMaster IpAddr 
InetAddress, 
vrrpv3OperationsPrimaryIpAddr 
InetAddress, 
vrrpv3OperationsVirtualMacAddr 
MacAddress, 
vrrpv3OperationsStatus 
INTEGER, 
vrrpv3OperationsPriority 
Unsignea32, 
vrrpv3OperationsAddrCount 
Integer32, 
vrrpv3OperationsAdvInterval 
Timelnterval, 
vrrpv30perationsPreemptMode 
TruthValue, 
vrrpv30perationsAcceptMode 
TruthValue, 
vrrpv3OperationsUpTime 
TimeTicks, 
vrrpv3OperationsRowStatus 
RowStatus 
) 
vrrpv3OperationsVrid OBJECT-TYPE 


SYNTAX Vrrpv3VrIdTC 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 
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"This object contains the Virtual Router Identifier 
(VRID) ." 
REFERENCE "RFC 4001" 
::= { vrrpv30perationsEntry 1 } 


vrrpv30perationsInetAddrType OBJECT-TYPE 


SYNTAX InetAddressType 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 


"The IP address type of Vrrpv30perationsEntry and 
Vrrpv3AssociatedIpAddrEntry. This value determines 
the type for vrrpv3OperationsMasterIpAddr, 
vrrpv3OperationsPrimaryIpAddr, and 
vrrpv3AssociatedIpAddrAddress. 


ipv4(1) and ipv6(2) are the only two values supported 
in this MIB module." 

REFERENCE "RFC 4001" 

::= ( vrrpv30perationsEntry 2 } 


vrrpv3OperationsMasterIpAddr OBJECT-TYPE 


SYNTAX InetAddress 
MAX-ACCESS read-only 
STATUS Current 
DESCRIPTION 
"The master router's real IP address. The master router 


would set this address to vrrpv3OperationsPrimaryIpAddr 
while transitioning to master state. For backup 
routers, this is the IP address listed as the source in 
the VRRP advertisement last received by this virtual 
router." 

REFERENCE "RFC 5798" 

::= ( vrrpv30perationsEntry 3 ) 


vrrpv30perationsPrimaryIpAddr OBJECT-TYPE 


SYNTAX InetAddress 
MAX-ACCESS read-create 
STATUS current 
DESCRIPTION 


"In the case where there is more than one IP 

Address (associated IP addresses) for a given 

'ifIndex', this object is used to specify the IP 

address that will become the 

vrrpv3OperationsMasterIpAddr', should the virtual 

router transition from backup state to master." 
::= ( vrrpv30perationsEntry 4 ) 
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vrrpv30perationsVirtualMacAddr OBJECT-TYPE 


SYNTAX MacAddress 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The virtual MAC address of the virtual router. 

Although this object can be derived from the 

"vrrpv3OperationsVrid" object, it is defined so that it 

is easily obtainable by a management application and 

can be included in VRRP-related SNMP notifications." 
::= { vrrpv3OperationsEntry 5 ) 


vrrpv30perationsStatus OBJECT-TYPE 

SYNTAX INTEGER { 
initialize(1), 
backup (2), 
master (3) 

} 

MAX-ACCESS read-only 

STATUS current 


DESCRIPTION 
"The current state of the virtual router. This object 


has three defined values: 


— ‘initialize’, which indicates that the 
virtual router is waiting for a startup event. 


- ‘backup’, which indicates that the virtual router is 
monitoring the availability of the master router. 


- ‘master’, which indicates that the virtual router 
is forwarding packets for IP addresses that are 
associated with this router." 

REFERENCE "RFC 5798" 
::= ( vrrpv30perationsEntry 6 } 


vrrpv30perationsPriority OBJECT-TYPE 


SYNTAX Unsigned32 (0..255) 
MAX-ACCESS read-create 

STATUS current 
DESCRIPTION 


"This object specifies the priority to be used for the 
virtual router master election process; higher values 
imply higher priority. 


A priority of "0", although not settable, is sent by 
the master router to indicate that this router has 
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ceased to participate in VRRP, and a backup virtual 
router should transition to become a new master. 


A priority of 255 is used for the router that owns the 
associated IP address(es) for VRRP over IPv4 and hence 
is not settable. 


Setting the values of this object to 0 or 255 should be 
rejected by the agents implementing this MIB module. 
For example, an SNMP agent would return 'badValue(3)"' 
when a user tries to set the values 0 or 255 for this 
object." 


REFERENCE "RFC 5798, Section 6.1" 
DEFVAL { 100 } 
::= { vrrpv3OperationsEntry 7 } 


vrrpv30perationsAddrCount OBJECT-TYPE 


SYNTAX Integer32 (0..255) 
MAX-ACCESS read-only 

STATUS current 
DESCRIPTION 


"The number of IP addresses that are associated with 
this virtual router. This number is equal to the 
number of rows in the vrrpv3AssociatedAddrTable that 
correspond to a given ifIndex/VRID/IP version." 
REFERENCE "RFC 5798, Section 6.1" 
::= { vrrpv3OperationsEntry 8 } 


vrrpv3OperationsAdvInterval OBJECT-TYPE 


SYNTAX TimeInterval (1..4095) 

UNITS "centiseconds" 

MAX-ACCESS read-create 

STATUS current 

DESCRIPTION 
"The time interval, in centiseconds, between sending 
advertisement messages. Only the master router sends 


VRRP advertisements." 
REFERENCE "RFC 5798, Section 6.1" 
DEFVAL { 100} 

::= { vrrpv30perationsEntry 9 } 


vrrpv30perationsPreemptMode OBJECT-TYPE 


SYNTAX TruthValue 
MAX-ACCESS read-create 
STATUS current 
DESCRIPTION 
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"Controls whether a higher priority virtual router will 
preempt a lower priority master." 

REFERENCE "RFC 5798, Section 6.1" 

DEFVAL { true } 

::= { vrrpv30perationsEntry 10 } 


vrrpv30perationsAcceptMode OBJECT-TYPE 


SYNTAX TruthValue 
MAX-ACCESS read-create 
STATUS current 
DESCRIPTION 


"Controls whether a virtual router in master state 
will accept packets addressed to the address owner’s 
IPv6 address as its own if it is not the IPv6 address 
owner. Default is false(2). 
This object is not relevant for rows representing VRRP 
over IPv4 and should be set to false(2)." 

DEFVAL { false } 

::= { vrrpv30perationsEntry 11 } 


vrrpv30perationsUpTime OBJECT-TYPE 


SYNTAX TimeTicks 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This value represents the amount of time, in 
TimeTicks (hundredth of a second), since this virtual 
router (i.e., the 'vrrpv3OperationsStatus"') 
transitioned out of 'initialize'." 

REFERENCE "RFC 5798, Section 6.1" 

::= ( vrrpv30perationsEntry 12 } 


vrrpv30perationsRowStatus OBJECT-TYPE 


SYNTAX RowStatus 
MAX-ACCESS read-create 
STATUS current 
DESCRIPTION 


"The RowStatus variable should be used in accordance to 
installation and removal conventions for conceptual 
rows. 


To create a row in this table, a manager sets this 
object to either createAndGo(4) or createAndWait (5). 
Until instances of all corresponding columns are 
appropriately configured, the value of the 
corresponding instance of the 
'vrrpv30perationsRowStatus’ column will be read as 
notReady (3). 
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In particular, a newly created row cannot be made 
active(1) until (minimally) the corresponding instance 
of vrrpv3OperationsInetAddrType, vrrpv30perationsVrid, 
and vrrpv3OperationsPrimaryIpAddr has been set, and 
there is at least one active row in the 
"vrrpv3AssociatedIpAddrTable' defining an associated 
IP address. 


notInService(2) should be used to administratively 
bring the row down. 


A typical order of operation to add a row is: 
1. Create a row in vrrpv3OperationsTable with 
createAndWait (5). 

2. Create one or more corresponding rows in 
vrrpv3AssociatedIpAddrTable. 

3. Populate the vrrpv30perationsEntry. 

4. Set vrrpv30perationsRowStatus to active(1). 


A typical order of operation to delete an entry is: 
1. Set vrrpv3OperationsRowStatus to notInService (2). 
2. Set the corresponding rows in 
vrrpv3AssociatedIpAddrTable to destroy(6) to delete 
the entry. 

3. Set vrrpv30perationsRowStatus to destroy(6) to 
delete the entry." 


::= { vrrpv3OperationsEntry 13 } 


— VRRP Associated Address Table 


vrrpv3AssociatedIpAddrTable OBJECT-TYPE 


SYNTAX SEQUENCE OF Vrrpv3AssociatedIpAddrEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"The table of addresses associated with each virtual 
router." 


::= { vrrpv3Operations 2 } 


vrrpv3AssociatedIpAddrEntry OBJECT-TYPE 


Tata 


SYNTAX Vrrpv3AssociatedIpAddrEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"An entry in the table contains an IP address that is 
associated with a virtual router. The number of rows 
for a given IP version, VrID, and ifIndex will equal 


the number of IP addresses associated (e.g., backed up) 
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by the virtual router (equivalent to 
"vrrpv3OperationsIpAddrCount"). 


Rows in the table cannot be modified unless the value 
of 'vrrpv3OperationsStatus' for the corresponding entry 
in the vrrpv30perationsTable has transitioned to 
initialize(1). 


The information in this table is persistent and when 
written the entity SHOULD save the change to non- 
volatile storage." 


INDEX { ifIndex, vrrpv3OperationsVrid, 
vrrpv3OperationsInetAddrType, 
vrrpv3AssociatedIpAddrAddress } 


::= { vrrpv3AssociatedIpAddrTable 1 } 


Vrrpv3AssociatedIpAddrEntry ::= 
SEQUENCE { 
vrrpv3AssociatedIpAddrAddress 


InetAddress, 
vrrpv3AssociatedIpAddrRowStatus 
RowStatus 


) 


vrrpv3AssociatedIpAddrAddress OBJECT-TYPE 


SYNTAX InetAddress (SIZE (0|4|16)) 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"The assigned IP addresses that a virtual router is 
responsible for backing up. 


The IP address type is determined by the value of 
vrrpv30perationsInetAddrType in the index of this 
row." 

REFERENCE "RFC 5798" 

::= { vrrpv3AssociatedIpAddrEntry 1 ) 


vrrpv3AssociatedIpAddrRowStatus OBJECT-TYPE 


SYNTAX RowStatus 
MAX-ACCESS read-create 
STATUS current 
DESCRIPTION 


"The row status variable, used according to 
installation and removal conventions for conceptual 
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rows. To create a row in this table, a manager sets 
this object to either createAndGo(4) or 
createAndWait (5). Setting this object to active(1) 
results in the addition of an associated address for a 
virtual router. Setting this object to notInService(2) 
results in administratively bringing down the row. 


Destroying the entry or setting it to destroy(6) 
removes the associated address from the virtual router. 
The use of other values is implementation-dependent. 


Implementations should not allow deletion of the last 
row corresponding to an active row in 
vrrpv3OperationsTable. 
Refer to the description of vrrpv3OperationsRowStatus 
for typical row creation and deletion scenarios." 
::= { vrrpv3AssociatedIpAddrEntry 2 ) 
—— VRRP Router Statistics 


vrrpv3RouterChecksumErrors OBJECT-TYPE 


SYNTAX Counter64 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The total number of VRRP packets received with an 
invalid VRRP checksum value. 


Discontinuities in the value of this counter can occur 
at re-initialization of the management system, and at 
other times as indicated by the value of 
vrrpv3GlobalStatisticsDiscontinuityTime." 


REFERENCE "RFC 5798, Section 5.2.8" 
::= { vrrpv3Statistics 1 } 


vrrpv3RouterVersionErrors OBJECT-TYPE 


SYNTAX Counter64 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The total number of VRRP packets received with an 
unknown or unsupported version number. 


Discontinuities in the value of this counter can occur 
at re-initialization of the management system, and at 
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other times as indicated by the value of 
vrrpv3GlobalStatisticsDiscontinuityTime." 


REFERENCE "RFC 5798, Section 5.2.1" 
::= { vrrpv3Statistics 2 } 


vrrpv3RouterVridErrors OBJECT-TYPE 


SYNTAX Counter64 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


March 


"The total number of VRRP packets received with a 
VRID that is not valid for any virtual router on this 


router. 


2012 


Discontinuities in the value of this counter can occur 


at re-initialization of the management system, 


other times as indicated by the value of 
vrrpv3GlobalStatisticsDiscontinuityTime." 


REFERENCE "RFC 5798, Section 5.2.3" 
i= { vrrpv3Statistics 3 } 


vrrpv3GlobalStatisticsDiscontinuityTime OBJECT-TYPE 


SYNTAX TimeStamp 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


and at 


"The value of sysUpTime on the most recent occasion at 


which one of vrrpv3RouterChecksumErrors, 


vrrpv3RouterVersionErrors, and vrrpv3RouterVridErrors 


suffered a discontinuity. 


If no such discontinuities have occurred since the last 


re-initialization of the local management subsystem, 


then this object contains a zero value." 
::= { vrrpv3Statistics 4 } 
—- VRRP Router Statistics Table 


vrrpv3StatisticsTable OBJECT-TYPE 


SYNTAX SEQUENCE OF Vrrpv3StatisticsEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"Table of virtual router statistics." 
::= { vrrpv3Statistics 5 } 
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vrrpv3StatisticsEntry OBJECT-TYPE 


SYNTAX Vrrpv3StatisticsEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"An entry in the table containing statistics 
information about a given virtual router." 
AUGMENTS { vrrpv30perationsEntry } 
::= { vrrpv3StatisticsTable 1 } 


Vrrpv3StatisticsEntry ::= 
SEQUENCE { 
vrrpv3StatisticsMasterTransitions 
Counter32, 
vrrpv3StatisticsNewMasterReason 
INTEGER, 
vrrpv3StatisticsRcvdAdvertisements 
Counter64, 
vrrpv3StatisticsAdvintervalErrors 
Counter64, 
vrrpv3StatisticsIpTtlErrors 
Counter64, 
vrrpv3StatisticsProtoErrReason 
INTEGER, 
vrrpv3StatisticsRevdPriZeroPackets 
Counter64, 
vrrpv3StatisticsSentPriZeroPackets 
Counter64, 
vrrpv3StatisticsRcvdinvalidTypePackets 
Counter64, 
vrrpv3StatisticsAddressListErrors 
Counter64, 
vrrpv3StatisticsPacketLengthErrors 
Counter64, 
vrrpv3StatisticsRowDiscontinuityTime 
TimeStamp, 
vrrpv3StatisticsRefreshRate 
Unsigned32 
} 


vrrpv3StatisticsMasterTransitions OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The total number of times that this virtual router’s 
state has transitioned to master state. 
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Discontinuities in the value of this counter can occur 
at re-initialization of the management system, and at 
other times as indicated by the value of 
vrrpv3StatisticsRowDiscontinuityTime." 

riz { vrrpv3StatisticsEntry 1 } 


vrrpv3StatisticsNewMasterReason OBJECT-TYPE 

SYNTAX INTEGER { 
notMaster (0), 
priority (1), 
preempted (2), 
masterNoResponse (3) 

} 

MAX-ACCESS read-only 

STATUS current 

DESCRIPTION 
"This indicates the reason for the virtual router to 
transition to master state. If the virtual router 
never transitioned to master state, the value of this 
object is notMaster(0). Otherwise, this indicates the 
reason this virtual router transitioned to master 
state the last time. Used by vrrpv3NewMaster 
notification." 

::= { vrrpv3StatisticsEntry 2 ) 


vrrpv3StatisticsRcvdAdvertisements OBJECT-TYPE 


SYNTAX Counter64 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The total number of VRRP advertisements received by 
this virtual router. 


Discontinuities in the value of this counter can occur 
at re-initialization of the management system, and at 
other times as indicated by the value of 
vrrpv3StatisticsRowDiscontinuityTime." 


::= { vrrpv3StatisticsEntry 3 ) 


vrrpv3StatisticsAdvintervalErrors OBJECT-TYPE 


SYNTAX Counter64 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The total number of VRRP advertisement packets 
received for which the advertisement interval is 
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different from the vrrpv30perationsAdvinterval 
configured on this virtual router. 


Discontinuities in the value of this counter can occur 
at re-initialization of the management system, and at 
other times as indicated by the value of 
vrrpv3StatisticsRowDiscontinuityTime." 


::= { vrrpv3StatisticsEntry 4 ) 


vrrpv3StatisticsIpTtlErrors OBJECT-TYPE 


SYNTAX Counter64 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The total number of VRRP packets received by the 
virtual router with IPv4 TTL (for VRRP over IPv4) or 
IPv6 Hop Limit (for VRRP over IPv6) not equal to 255. 


Discontinuities in the value of this counter can occur 
at re-initialization of the management system, and at 
other times as indicated by the value of 
vrrpv3StatisticsRowDiscontinuityTime." 

REFERENCE "RFC 5798, Section 5.1.1.3" 

::= { vrrpv3StatisticsEntry 5 } 


vrrpv3StatisticsProtoErrReason OBJECT-TYPE 
SYNTAX INTEGER { 
noError (0), 
ipTtlError (1), 
versionError (2) 
checksumError (3) 
vridError (4) 


LA 
LA 


) 
MAX-ACCESS read-only 


STATUS current 
DESCRIPTION 
"This indicates the reason for the last protocol 


error. This SHOULD be set to noError(0) when no 
protocol errors are encountered. Used by 
vrrpv3ProtoError notification." 

::= { vrrpv3StatisticsEntry 6 } 


vrrpv3StatisticsRevdPriZeroPackets OBJECT-TYPE 


SYNTAX Counter64 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 
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"The total number of VRRP packets received by the 
virtual router with a priority of '0'. 


Discontinuities in the value of this counter can occur 
at re-initialization of the management system, and at 
other times as indicated by the value of 
vrrpv3StatisticsRowDiscontinuityTime." 

REFERENCE "RFC 5798, Section 5.2.4" 

::= { vrrpv3StatisticsEntry 7 ) 


vrrpv3StatisticsSentPriZeroPackets OBJECT-TYPE 


SYNTAX Counter64 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The total number of VRRP packets sent by the virtual 
router with a priority of ’0’. 


Discontinuities in the value of this counter can occur 
at re-initialization of the management system, and at 
other times as indicated by the value of 
vrrpv3StatisticsRowDiscontinuityTime." 

REFERENCE "RFC 5798, Section 5.2.4" 

::= { vrrpv3StatisticsEntry 8 ) 


vrrpv3StatisticsRcvdinvalidTypePackets OBJECT-TYPE 


SYNTAX Counter64 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The number of VRRP packets received by the virtual 
router with an invalid value in the ‘type’ field. 


Discontinuities in the value of this counter can occur 
at re-initialization of the management system, and at 
other times as indicated by the value of 
vrrpv3StatisticsRowDiscontinuityTime." 

::= { vrrpv3StatisticsEntry 9 ) 


vrrpv3StatisticsAddressListErrors OBJECT-TYPE 


SYNTAX Counter64 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The total number of packets received for which the 
address list does not match the locally configured 
list for the virtual router. 
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Discontinuities in the value of this counter can occur 
at re-initialization of the management system, and at 
other times as indicated by the value of 
vrrpv3StatisticsRowDiscontinuityTime." 

::= { vrrpv3StatisticsEntry 10 } 


vrrpv3StatisticsPacketLengthErrors OBJECT-TYPE 


SYNTAX Counter64 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The total number of packets received with a packet 
length less than the length of the VRRP header. 


Discontinuities in the value of this counter can occur 
at re-initialization of the management system, and at 
other times as indicated by the value of 
vrrpv3StatisticsRowDiscontinuityTime." 

::= { vrrpv3StatisticsEntry 11 } 


vrrpv3StatisticsRowDiscontinuityTime OBJECT-TYPE 

SYNTAX TimeStamp 

MAX-ACCESS read-only 

STATUS current 

DESCRIPTION 
"The value of sysUpTime on the most recent occasion at 
which any one or more of this entry’s counters 
suffered a discontinuity. 


If no such discontinuities have occurred since the last 
re-initialization of the local management subsystem, 
then this object contains a zero value." 

::= { vrrpv3StatisticsEntry 12 } 


vrrpv3StatisticsRefreshRate OBJECT-TYPE 
SYNTAX Unsigned32 
UNITS "milliseconds" 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 
"The minimum reasonable polling interval for this entry. 
This object provides an indication of the minimum 
amount of time required to update the counters in this 
entry." 
:= { vrrpv3StatisticsEntry 13 } 


= Notification Definitions 
== Notifications may be controlled using SNMP-NOTIFICATION-MIB 
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vrrpv3NewMaster NOTIFICATION-TYPE 


OBJECTS { 
vrrpv3OperationsMasterIpAddr, 
vrrpv3StatisticsNewMasterReason 

) 

STATUS current 

DESCRIPTION 


"The newMaster notification indicates that the sending 
agent has transitioned to master state." 
::= { vrrpv3Notifications 1 ) 


vrrpv3ProtoError NOTIFICATION-TYPE 


OBJECTS { 
vrrpv3StatisticsProtoErrReason 
} 
STATUS current 
DESCRIPTION 


"The notification indicates that the sending agent has 
encountered the protocol error indicated by 
vrrpv3StatisticsProtoErrReason." 

::= { vrrpv3Notifications 2 } 


-- Conformance Information 


OBJECT IDENTIFIER ::= { vrrpv3Conformance 1 } 


vrrpv3Compliances 
OBJECT IDENTIFIER ::= { vrrpv3Conformance 2 } 


vrrpv3Groups 


—- Compliance Statements 


vrrpv3FullCompliance MODULE-COMPLIANCE 


STATUS current 
DESCRIPTION 
"The compliance statement" 
MODULE -- this module 
MANDATORY-GROUPS { 
vrrpv30perationsGroup, 
vrrpv3StatisticsGroup, 
vrrpv3InfoGroup, 
vrrpv3NotificationsGroup 
} 
OBJECT vrrpv30perationsPriority 
WRITE-SYNTAX Unsigned32 (1..254) 
DESCRIPTION "Setable values are from 1 to 254." 


:= { vrrpv3Compliances 1 ) 


vrrpv3ReadOnlyCompliance MODULE-COMPLIANCE 


STATUS current 
DESCRIPTION 
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vrrpv3OperationsGroup 


Tata 


VRRP Unified MIB 


March 2012 


"When this MIB module is implemented without support 


for read-create 


(i.e., 


in read-only mode), 


then such 


an implementation can claim read-only compliance. 
Such a device can then be monitored, but cannot be 
configured with this MIB." 


MODULE -- this module 


MANDATORY-GROUPS 


vrrpv3OperationsGroup, 
vrrpv3StatisticsGroup, 


vrrpv3StatisticsDiscontinuityGroup, 
vrrpv3InfoGroup, 


vrrpv3NotificationsGroup 


OBJECT 
MIN-ACCESS 
DESCRIPTION 


OBJECT 
MIN-ACCESS 
DESCRIPTION 
OBJECT 
MIN-ACCESS 
DESCRIPTION 


OBJECT 
MIN-ACCESS 
DESCRIPTION 


OBJECT 
MIN-ACCESS 
DESCRIPTION 


OBJECT 
MIN-ACCESS 
DESCRIPTION 


OBJECT 
MIN-ACCESS 
DESCRIPTION 


vrrpv30perationsPriority 
read-only 
"Write access is not required." 


vrrpv3OperationsPrimaryIpAddr 
read-only 
"Write access is not reguired." 
vrrpv3OperationsAdvInterval 

read-only 
"Write access is not reguired. 


vrrpv3OperationsPreemptMode 
read-only 
"Write access is not reguired. 


vrrpv3OperationsAcceptMode 
read-only 
"Write access is not reguired. 


vrrpv3OperationsRowStatus 
read-only 
"Write access is not reguired. 


::= { vrrpv3Compliances 2 ) 


OBJECTS { 


OBJECT-GROUP 


Standards Track 


vrrpv3AssociatedIpAddrRowStatus 
read-only 
"Write access is not required." 
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vrrpv3OperationsVirtualMacAddr, 
vrrpv30perationsStatus, 
vrrpv3OperationsPriority, 
vrrpv3OperationsMasterIpAddr, 
vrrpv3OperationsAdvInterval, 
vrrpv3OperationsPreemptMode, 
vrrpv3OperationsAcceptMode, 
vrrpv3OperationsUpTime, 
vrrpv3OperationsRowStatus, 
vrrpv3OperationsAddrCount, 
vrrpv3OperationsPrimaryIpAddr, 
vrrpv3AssociatedIpAddrRowStatus 
) 

STATUS current 

DESCRIPTION 
"Conformance group for VRRPv3 operations." 

::= í vrrpv3Groups 1 } 


vrrpv3StatisticsGroup OBJECT-GROUP 

OBJECTS { 
vrrpv3RouterChecksumErrors, 
vrrpv3RouterVersionErrors, 
vrrpv3RouterVridErrors, 
vrrpv3StatisticsMasterTransitions, 
vrrpv3StatisticsNewMasterReason, 
vrrpv3StatisticsRcvdAdvertisements, 
vrrpv3StatisticsAdvintervalErrors, 
vrrpv3StatisticsRevdPriZeroPackets, 
vrrpv3StatisticsSentPriZeroPackets, 
vrrpv3StatisticsRcvdinvalidTypePackets, 
vrrpv3StatisticsIpTtlErrors, 
vrrpv3StatisticsProtoErrReason, 
vrrpv3StatisticsAddressListErrors, 
vrrpv3StatisticsPacketLengthErrors, 
vrrpv3StatisticsRowDiscontinuityTime, 
vrrpv3StatisticsRefreshRate 
) 

STATUS current 

DESCRIPTION 
"Conformance group for VRRPv3 statistics." 

::= í vrrpv3Groups 2 } 


vrrpv3StatisticsDiscontinuityGroup OBJECT-GROUP 
OBJECTS { 
vrrpv3GlobalStatisticsDiscontinuityTime 
} 
STATUS current 
DESCRIPTION 
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LT: 


"Objects providing information about counter 
discontinuities." 
::= { vrrpv3Groups 3 } 


vrrpv3InfoGroup  OBJECT-GROUP 
OBJECTS 1 
vrrpv3StatisticsProtoErrReason, 
vrrpv3StatisticsNewMasterReason 
) 
STATUS current 
DESCRIPTION 
"Conformance group for objects contained in VRRPv3 
notifications." 
::= { vrrpv3Groups 4 } 


vrrpv3NotificationsGroup NOTIFICATION-GROUP 

NOTIFICATIONS { 

vrrpv3NewMaster, 

vrrpv3ProtoError 

) 
STATUS current 
DESCRIPTION 

"The VRRP MIB Notification Group." 
::= { vrrpv3Groups 5 } 


END 
Security Considerations 


There are a number of management objects defined in this MIB module 
with a MAX-ACCESS clause of read-write and/or read-create. Such 
objects may be considered sensitive or vulnerable in some network 
environments. The support for SET operations in a non-secure 
environment without proper protection can have a negative effect on 
network operations. These are the tables and objects and their 
sensitivity/vulnerability: 


The objects vrrpv3OperationsPriority, vrrpv3OperationsPrimaryIpAddr, 
vrrpv3OperationsAdvInterval, vrrpv3OperationsPreemptMode, 
vrrpv30perationsAcceptMode, vrrpv30perationsRowStatus, and 
vrrpv3AssociatedIpAddrRowStatus possess the read-create attribute. 
Manipulation of these objects is capable of affecting the operation 
of a virtual router. 


Examples of how these objects could adversely affect the operation of 
a virtual router include: 
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o An unauthorized change to vrrpv3OperationsPriority can affect the 
priority used in master election, resulting in this router either 
becoming master when it should not, or in some other router being 
elected by preference. While this will disrupt the operator's 
plans, it will only replicate the unfortunate failure of multiple 
routers, and any router that does become master will be capable of 
filling that role. 


o Modification of vrrpv3OperationsPrimaryIpAddr would cause the 
configured router to take on an incorrect IP address if it becomes 
master, which would be potentially very disruptive to the network 
operation. 


o A malicious change to vrrpv3OperationsAdvInterval could either 
result in the configured router flooding the network with 
advertisements when it becomes master, or the new master not 
advertising freguently enough such that some routers do not learn 
about the new master. 


o vrrpv3OperationsPreemptMode controls whether this router will 
preempt another master router.  Setting it inappropriately will at 
worse cause one router to be master against the operator's plans, 
but that router will still be gualified to operate as a master. 


o Setting the vrrpv3OperationsAcceptMode could prevent an 
IPv6-capable VRRP router from accepting packets addressed to the 
address owner's IPv6 address as its own even if it is not the IPv6 
address owner. Although the default for this object is false(2), 
unauthorized setting of this object to false might restrict the 
function of some parts of the network. 


o The vrrpv3OperationsRowStatus object that could be used to disable 
a virtual router. While there are other columns that, if changed, 
could disrupt operations, they cannot be changed without first 
changing the RowStatus object. 


SNMP versions prior to SNMPv3 did not include adeguate security. 
Even if the network itself is secure (for example by using IPsec), 
there is no control as to who on the secure network is allowed to 
access and GET/SET (read/change/create/delete) the objects in this 
MIB module. 


Implementations MUST provide the security features described by the 
SNMPv3 framework (see [RFC3410]), including full support for 
authentication and privacy via the User-based Security Model (USM) 
[RFC3414] with the AES cipher algorithm [RFC3826].  Implementations 
MAY also provide support for the Transport Security Model (TSM) 
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1,3; 


[RFC5591] in combination with a secure transport such as SSH 
[RFC5592] or TLS/DTLS [RFC6353]. 


Further, deployment of SNMP versions prior to SNMPv3 is NOT 
RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to 
enable cryptographic security. It is then a customer/operator 
responsibility to ensure that the SNMP entity giving access to an 
instance of this MIB module is properly configured to give access to 
the objects only to those principals (users) that have legitimate 
rights to indeed GET or SET (change/create/delete) them. 


IANA Considerations 


The MIB module in this document uses the following IANA-assigned 
OBJECT IDENTIFIER values recorded in the SMI Numbers registry: 


Descriptor OBJECT IDENTIFIER value 


vrrpv3MIB { mib-2 207 vrrpv3MIB VRRPV3-MIB } 


This document obsoletes RFC 2787. Therefore, IANA has deprecated 
value 68 under 'mib-2', which is assigned to VRRP-MIB. 
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